Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-3518 - Vulnerability Database
Jboss EAP

Jboss EAP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-3518

Medium
Reference: CVE-2014-3518
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3518
Title: Jboss EAP Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

jmx-remoting.sar in JBoss Remoting as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0 Red Hat JBoss BRMS 5.3.1 Red Hat JBoss Portal Platform 5.2.2 and Red Hat JBoss SOA Platform 5.3.1 does not properly implement the JSR 160 specification which allows remote attackers to execute arbitrary code via unspecified vectors.